CVE-2021-39011Log File Information Exposure in IBM Cloud PAK FOR Security

CWE-532Log File Information Exposure3 documents3 sources
Severity
4.9MEDIUMNVD
CNA4.2
EPSS
0.3%
top 50.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK FOR Security
Timeline
PublishedJan 20

Description

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/cloud_pak_for_security1.10.0.01.10.6.0
NVDibm/cloud_pak1.10.0.01.10.6.0

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-f6m8-cpjp-pwmj: IBM Cloud Pak for Security (CP4S) 12023-01-20
CVEList
IBM Cloud Pak for Security information disclosure2023-01-20
CVE-2021-39011 — Log File Information Exposure in IBM | cvebase